6 matches found
CVE-2023-6541
The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-6541
The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-6541 Allow SVG < 1.2.0 - Author+ Stored XSS via SVG
The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-6541 Allow SVG < 1.2.0 - Author+ Stored XSS via SVG
The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...
CVE-2023-6541
The CVE-2023-6541 entry concerns the WordPress Allow SVG plugin prior to 1.2.0, where uploaded SVGs are not sanitized, enabling stored XSS via SVG payloads uploaded by users with as little as Author privileges. Impact is cross-site scripting with low to moderate severity per sources; remediation:...
WordPress Allow SVG Plugin < 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Software Allow SVG Type Plugin Vulnerable versions 1.2.0 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6541 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e1ff41df5c9e Credits Bob Matyas Required privilege...